The best way to detect a RAM scraper is via regular traffic and critical file monitoring and log analysis, experts say. Following are eight tips for protecting against RAM scraping, gleaned from the Verizon report:
* Maintain a strong firewall and antivirus presence, with logging and regular review. Keep the RAM scrapers (and other malware) out.
* Regularly confirm the integrity of your host intrusion detection systems.
* Monitor disk activity and keep an eye out for file creation in Windows system and temp subfolders.
* Monitor critical file activity. .exe files such as RAM scrapers will be flagged when executed.
* Tighten server credentials. There’s no excuse for default admin credentials on a home computer, much less on systems that process financial transactions.
* Bear in mind that end-to-end encryption doesn’t include the clear-data processes at the endpoints.
* Deny, if possible, admin-level credentials to POS and POS support vendors, and reset vendor credentials and settings.
* Minimize and test the persistence of data in volatile memory. Just because the specs say data persists for a millisecond doesn’t make it true.
It’s a good practice to extend monitoring and log analysis to all RAM-equipped devices in the business. You could be surprised at how much data is sitting in the RAM of your network printers, for instance.
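The disk-activity tip above can be turned into a simple log check. The following is an added example, not taken from the article or the Verizon report: it scans file-creation events for new files under Windows system and temp subfolders. The pipe-delimited event format, the watched-directory patterns, the allowlist of expected writer processes and the sample events are all assumptions constructed for illustration.

```python
import ntpath
import re

# Watched locations from the tip: Windows system and temp subfolders.
# The exact patterns are assumptions for this example.
WATCHED = [
    re.compile(r"^[a-z]:\\windows\\system32(\\|$)"),
    re.compile(r"^[a-z]:\\windows\\temp(\\|$)"),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp(\\|$)"),
]
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".bat", ".ps1"}
# Hypothetical allowlist: processes expected to write there (patching, installers).
EXPECTED_WRITERS = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\servicing\trustedinstaller.exe",
}
# Constructed sample events: timestamp|creating process|created file
SAMPLE_EVENTS = r"""
2024-01-01T02:14:07Z|C:\POS\pos.exe|C:\POS\logs\journal.log
2024-01-01T02:15:31Z|C:\Windows\System32\msiexec.exe|C:\Windows\Temp\patch.dll
2024-01-01T02:17:44Z|C:\Windows\explorer.exe|C:\Windows\System32\drivers\newsvc.exe
2024-01-01T02:18:02Z|C:\Tools\agent.exe|C:\Windows\Temp\..\System32\out.dat
"""

def parse_event(line):
    """Split one 'timestamp|process|file' record into a dict."""
    ts, image, target = (f.strip() for f in line.split("|", 2))
    return {"ts": ts, "image": image, "target": target}

def classify(event):
    """Return None if not of interest, else 'high' (executable) or 'review'."""
    # normpath collapses '..' so a path cannot sidestep the directory match.
    target = ntpath.normpath(event["target"]).lower()
    if not any(p.match(ntpath.dirname(target)) for p in WATCHED):
        return None
    if ntpath.normpath(event["image"]).lower() in EXPECTED_WRITERS:
        return None
    return "high" if ntpath.splitext(target)[1] in EXECUTABLE_EXT else "review"

def scan(text):
    """Classify every event in the log text and return the findings."""
    findings = []
    for line in text.strip().splitlines():
        event = parse_event(line)
        severity = classify(event)
        if severity:
            findings.append({**event, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["severity"], f["ts"], f["image"], "->", f["target"])
```

In practice the events would come from whatever file-integrity or endpoint monitoring source is already deployed, and the allowlist would be built from the processes observed writing to those folders during normal operation.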